Thursday, December 15, 2022 // (IG): BB // Bubba3dPrints // Coffee for Bob
The Fevered Anti-China Attitude in Washington Is Going to Backfire
FROM THE MEDIA: With little fanfare or public debate, America has embarked on one of its most difficult and dangerous international challenges since the Cold War. The task: reversing decades of economic and technological integration with its chief rival, China. This technological decoupling, if done selectively, will help to preserve America’s military edge, protect key U.S. industries from unfair competition, and push back on Beijing’s human rights abuses. But if decoupling goes too far, it will drag down the U.S. economy, drive away allies, stymie efforts to address global crises like climate change, and increase the odds of a catastrophic war.
READ THE STORY: Politico
How ChatGPT can turn anyone into a ransomware and malware threat actor
FROM THE MEDIA: Ever since OpenAI launched ChatGPT at the end of November, commentators on all sides have been concerned about the impact AI-driven content-creation will have, particularly in the realm of cybersecurity. In fact, many researchers are concerned that generative AI solutions will democratize cybercrime. With ChatGPT, any user can enter a query and generate malicious code and convincing phishing emails without any technical expertise or coding knowledge.
READ THE STORY: VB
North Korean Hackers Push Crypto App on Telegram to Lure Victims
FROM THE MEDIA: Sometimes cryptocurrency apps promise to help users get rich. Sometimes they’re actually just tools for North Korean hackers. Take Somora, for instance. It’s an app that promises to give users a way to safely store their cryptocurrency. In fact, the software is loaded with North Korean malware, researchers from three threat intelligence firms told me. The nefarious goal is to trick users into downloading the app onto their phones to give hackers access to their virtual currency.
READ THE STORY: Bloomberg
Iran-linked Charming Kitten espionage gang bares claws to pollies, power orgs
FROM THE MEDIA: An Iranian cyber espionage gang with ties to the Islamic Revolutionary Guard Corps has learned new methods and phishing techniques, and aimed them at a wider set of targets – including politicians, government officials, critical infrastructure and medical researchers – according to email security vendor Proofpoint. Over the past two years, the threat actor group that Proofpoint's researchers track as TA453 (other intel teams call this state-backed gang Charming Kitten, Phosphorus, and APT42) has branched out from its usual victims – academics, researchers, diplomats, dissidents, journalists and human rights workers – and adopted new means of attack.
READ THE STORY: The Register // TechRepublic
Cyber-espionage group Cloud Atlas targets Russia and its supporters
FROM THE MEDIA: The cyber-espionage group Cloud Atlas has ramped up activities targeting Russia, Belarus and disputed parts of Ukraine and Moldova since Russia’s invasion this year, according to a new report. The group has been active since 2014, according to research published by Check Point last week, but since the outbreak of the war in Ukraine it has mainly attacked “high profile victims” in Russia, Belarus, Transnistria (a pro-Kremlin breakaway region of Moldova), and Russian-annexed territories of Ukraine, including Crimea, Luhansk, and Donetsk. The goals of the group are espionage and theft of confidential information, according to researchers from Positive Technologies. It is not yet clear who is behind the group.
READ THE STORY: The Record
Automated Cybercampaign Creates Masses of Bogus Software Building Blocks
FROM THE MEDIA: An automated attack within the NuGet open source ecosystem for .NET developers has resulted in a flood of malicious packages containing links to phishing campaigns. That's according to a joint report on Wednesday from Checkmarx and Illustria, which, upon digging deeper, found that automated attacks are taking aim broadly at users of the npm, NuGet, and PyPI software developer ecosystems. The attack vector in the NuGet ecosystem involves the use of automated processes to create a large number of packages with names and descriptions designed to lure those interested in hacking, cheats, and free resources. These contain links to phishing campaigns built to steal personal information or other sensitive data.
READ THE STORY: DARKReading
Attackers use SVG files to smuggle QBot malware onto Windows systems
FROM THE MEDIA: QBot malware phishing campaigns have adopted a new distribution method using SVG files to perform HTML smuggling that locally creates a malicious installer for Windows. This attack is made through embedded SVG files containing JavaScript that reassemble a Base64 encoded QBot malware installer that is automatically downloaded through the target's browser. QBot is a Windows malware arriving via a phishing email that loads other payloads, including Cobalt Strike, Brute Ratel, and ransomware. HTML smuggling is a technique used to "smuggle" encoded JavaScript payloads inside an HTML attachment or a website.
READ THE STORY: Bleeping Computer // Security Affairs
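The smuggling technique described above relies on a short, recognisable chain of browser APIs: decode a Base64 string, wrap the bytes in a Blob, mint an object URL and trigger a download with a synthetic click. The scanner below is an added example written for this digest (it is not code from the story or from any vendor): it parses an SVG as XML, pulls out every inline script body and event-handler attribute, and flags the file when that API chain is present. The indicator names, thresholds and the two sample SVGs (one benign, one built to mimic the smuggling pattern with a harmless "hello world" payload) are all constructed for the example.

```python
"""Heuristic scanner for HTML-smuggling indicators inside SVG files.

Added example for this digest, not code from the original story. It looks
for the decode -> Blob -> download chain that HTML smuggling depends on.
Indicator names and the samples below are assumptions made for the example.
"""
import re
import xml.etree.ElementTree as ET

# Each indicator is (name, regex). Names are our own labels.
INDICATORS = [
    ("base64_decode", re.compile(r"\batob\s*\(")),
    ("blob_construct", re.compile(r"\bnew\s+Blob\s*\(")),
    ("object_url", re.compile(r"URL\.createObjectURL\s*\(")),
    ("ms_save_blob", re.compile(r"msSaveOrOpenBlob")),
    ("synthetic_click", re.compile(r"\.click\s*\(\s*\)")),
    ("download_attr", re.compile(r"\.download\s*=")),
    # A long quoted base64 run is how the smuggled binary is usually carried.
    ("long_base64", re.compile(r"['\"][A-Za-z0-9+/]{200,}={0,2}['\"]")),
]

# Inline event handlers can run script without a <script> element.
EVENT_ATTRS = ("onload", "onclick", "onmouseover", "onerror")


def extract_scripts(svg_text: str) -> list:
    """Return every inline script body and inline event handler in the SVG."""
    root = ET.fromstring(svg_text)
    bodies = []
    for el in root.iter():
        tag = el.tag.split("}")[-1]  # strip the SVG namespace
        if tag == "script" and el.text:
            bodies.append(el.text)
        for attr in EVENT_ATTRS:
            if attr in el.attrib:
                bodies.append(el.attrib[attr])
    return bodies


def scan_svg(svg_text: str):
    """Return (sorted indicator names, suspicious flag).

    The file is flagged only when the decode and Blob steps are both present
    together with at least one download/trigger step, which keeps ordinary
    animated or interactive SVGs from tripping the rule.
    """
    hits = set()
    for body in extract_scripts(svg_text):
        for name, rx in INDICATORS:
            if rx.search(body):
                hits.add(name)
    chain = {"base64_decode", "blob_construct"}
    trigger = {"object_url", "ms_save_blob", "synthetic_click", "download_attr"}
    suspicious = chain <= hits and bool(trigger & hits)
    return sorted(hits), suspicious


# Constructed samples (not real attachments).
BENIGN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <circle cx="5" cy="5" r="4" fill="red"/>
</svg>"""

SMUGGLING_SVG = """<svg xmlns="http://www.w3.org/2000/svg">
  <script><![CDATA[
    var b = atob("aGVsbG8gd29ybGQ=");  /* harmless constructed payload */
    var a = new Uint8Array(b.length);
    for (var i = 0; i < b.length; i++) a[i] = b.charCodeAt(i);
    var blob = new Blob([a], {type: "application/octet-stream"});
    var link = document.createElement("a");
    link.href = URL.createObjectURL(blob);
    link.download = "invoice.zip";
    link.click();
  ]]></script>
</svg>"""

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SVG), ("smuggling", SMUGGLING_SVG)):
        print(label, scan_svg(sample))
```

The parse is deliberately strict: an attachment that is not well-formed XML raises from `ET.fromstring`, which in a mail-gateway setting is itself worth treating as a finding rather than silently passing the file through.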
Musk's Twitter tweaks foreshadow EU showdown over new rules
FROM THE MEDIA: Self-proclaimed free speech warrior Elon Musk’s more unfettered version of Twitter could collide with new rules in Europe, where officials warn that the social media company will have to comply with some of the world’s toughest laws targeting toxic content. While the new digital rulebook means the European Union is likely to be a global leader in cracking down on Musk’s reimagined platform, the 27-nation bloc will face its own challenges forcing Twitter and other online companies to comply. The law doesn’t fully take effect until 2024, and EU officials are scrambling to recruit enough workers to hold Big Tech to account.
READ THE STORY: Chron
Hackers target Japanese politicians with new MirrorStealer malware
FROM THE MEDIA: A hacking group tracked as MirrorFace has been targeting Japanese politicians for weeks before the House of Councilors election in July 2022, using a previously undocumented credentials stealer named ‘MirrorStealer.’ The campaign was discovered by ESET, whose analysts report they could piece together evidence thanks to operational mistakes made by the hackers that left traces behind. The hackers deployed the new information-stealing malware along with the group’s signature backdoor, LODEINFO, which communicated with a C2 server known to belong to APT10 infrastructure.
READ THE STORY: Bleeping Computer
National Grid harnesses satellite tech to boost resilience of energy networks
FROM THE MEDIA: National Grid is using innovative satellite technology to boost the resilience of the energy network against climate change, improve its reliability and make millions in cost savings. The Eye in the Sky initiative is being led by National Grid alongside partners European Space Agency, Cranfield University, satellite data specialist Spottitt and expert in risk management and quality assurance DNV, and it is being funded by Ofgem and Innovate UK’s Strategic Innovation Fund. It is exploring how satellite imagery and data analytics could improve the visibility of electricity and gas network infrastructure in Britain, providing additional monitoring of the condition and the changes to the surrounding environment 24 hours a day.
READ THE STORY: New Civil Engineer
U.S. space internet companies fear competitive threat from China
FROM THE MEDIA: In the global race to deploy broadband constellations in low Earth orbit, the United States holds a major advantage. However, the U.S. government should “enact policies and incentives to keep U.S. companies competitive internationally” especially against China, says a new report released Dec. 14 by the Center for Strategic and International Studies. The study, funded by satellite broadband firms Amazon Kuiper and SpaceX, argues that economic and regulatory issues are creating competitive pressures for U.S. industry.
READ THE STORY: SN
North Korean Hackers Exploit Social Media to Fund Missile Program
FROM THE MEDIA: Pyongyang has been launching missiles with unprecedented frequency. Crypto asset theft by North Korean hackers is reportedly one of the sources funding their missile development. The North Korean hacker group Lazarus has a worldwide reach. Its cyberattacks against crypto asset providers this year alone have caused an estimated tens of billions of yen worth of damage. Although countries have strengthened countermeasures and sanctions in response, the damage continues to spread. The regime's methods and money laundering schemes are getting increasingly sophisticated.
READ THE STORY: Japan Forward
Advanced Azov data wiper likely to become active threat
FROM THE MEDIA: An emergent data wiper ransomware known as Azov – which first came to attention as a payload delivered by the SmokeLoader botnet – is becoming increasingly widespread and seems to be on its way to being an active and dangerous threat, according to researchers at Check Point. Azov is distinct from more common-or-garden forms of ransomware because it is capable of modifying certain 64-bit executables to run its own code, explained Check Point researcher Jiří Vinopal, who said this feature harked back to a more old-fashioned kind of malware.
READ THE STORY: Computer Weekly
The NDAA Includes Prohibitions Targeting Semiconductors Similar to Section 889
FROM THE MEDIA: Congress is advancing the final version of the National Defense Authorization Act (NDAA) for Fiscal Year 2023 (FY 2023). With provisions similar to Section 889 of the FY 2019 NDAA, Section 5949 of the FY 2023 NDAA prohibits executive agencies from procuring or contracting with entities to obtain any electronic parts, products, or services that include covered semiconductor products or services from certain Chinese companies. The House passed the FY 2023 NDAA on December 8, 2022, and the Senate is expected to vote this week, which will send the bill to the President for his signature.
READ THE STORY: Wiley
North Korean Hackers Trick Foreign Researchers into Writing Intel
FROM THE MEDIA: Connectivity provides manufacturing plant operations many advantages like increased productivity, faster identification and remediation of quality defects, and better collaboration across functional areas. However, this connectivity is dramatically increasing smart factories’ vulnerabilities and leaving them exposed to cybersecurity threats. In a recent survey by Deloitte and the Manufacturers Alliance for Productivity and Innovation, 48% of respondents identified operational risks, which include cybersecurity, as the greatest danger to smart factory initiatives. Food and beverage processing plants are under particular assault.
READ THE STORY: CyberSecurityConnect
US-China trade war continues to polarise the physical security market
FROM THE MEDIA: “In recent years US-China geopolitical tensions within the physical security industry have escalated,” reports our latest security research. “Tensions between China and the US have seen a series of legislative moves, new sanctions, and tit-for-tat trade barriers erected that have hugely disrupted the flow of both physical security products and key product components critical to ongoing innovation between the two nations, as well as the ability of their respective manufacturers to trade in their respective markets.”
READ THE STORY: IFSEC Global
Charges dropped against French company over Egypt spyware
FROM THE MEDIA: A Paris court ordered charges to be dropped Wednesday against a French company and its managers who were accused of complicity in torture after selling sophisticated spyware to the Egyptian government. Nexa Technologies and four executives were charged in 2021 over the sale of the Cerebro software to Egypt enabling President Abdel Fattah al-Sisi's regime to spy on political opponents. The Paris appeals court quashed the charges against chairman Olivier Bohbot and CEO Stephane Salies among others, but did not order the case to be closed, meaning investigating magistrates will continue their enquiries. Lawyers for the International Federation for Human Rights called the decision a "major disappointment" but said the "story was far from being over."
READ THE STORY: TechXplore
China reportedly bars export of homebrew Loongson chips to Russia – and everywhere else
FROM THE MEDIA: China has reportedly banned the export of chips that use the locally-designed Loongson architecture. A story in Russian business publication Коммерсантъ (Kommersant) cites sources at the Ministry of Digital Development as having said Beijing won't let military-grade Loongson kit cross the border to Russia, or any other nation. Beijing's reason is that the chips have defense applications and are therefore too sensitive to be allowed to leave the Middle Kingdom.
READ THE STORY: The Register
NSA says Chinese hackers are exploiting a zero-day bug in popular networking gear
FROM THE MEDIA: The U.S. National Security Agency is warning that Chinese government-backed hackers are exploiting a zero-day vulnerability in two widely used Citrix networking products to gain access to targeted networks. The flaw, tracked as CVE-2022-27518, affects Citrix ADC, an application delivery controller, and Citrix Gateway, a remote access tool, both of which are popular in enterprise networks. The critical-rated vulnerability allows an unauthenticated attacker to remotely run malicious code on vulnerable devices — no passwords needed. Citrix also says the flaw is being actively exploited by threat actors.
READ THE STORY: TC
Scanning assets in the cloud: Challenges and improvements to make
FROM THE MEDIA: Keeping tabs on all of an organization's assets can be a challenge. Cloud service adoption, remote work and the occasional BYOD have changed (and expanded) what constitutes an organization's attack surface. But how do we secure the new perimeter? "Without a full, detailed inventory of all your IT assets," said cloud-security firm Qualys in a recent white paper, "your infosec team won't be able to properly protect your organization because the things that pose the highest risk are the ones that you don't know are there."
READ THE STORY: SCMAG
Severe vulnerabilities found in most industrial controllers
FROM THE MEDIA: The convergence of operational technology (OT) and information technology — which is more focused on collecting and transmitting data — in “internet of things” (IoT) devices such as routers and cameras means the threat is rising, Microsoft fears. That’s especially true for the most vital U.S. infrastructures. “While the prevalence of IoT and OT vulnerabilities presents a challenge for all organizations, critical infrastructure is at increased risk,” reads the latest edition of “Cyber Signals,” an ongoing Microsoft series of threat intelligence briefings. “Disabling critical services, not even necessarily destroying them, is a powerful lever.”
READ THE STORY: The Washington Post
CISA Warns Veeam Backup & Replication Vulnerabilities Exploited in Attacks
FROM THE MEDIA: CISA added five flaws to its catalog on Tuesday, including ones affecting Veeam, Fortinet, Microsoft and Citrix products. Two security holes affecting Veeam’s Backup & Replication enterprise backup solution have been added to the list. The product is designed for automating workload backups and discovery across cloud, virtual, physical and NAS environments. The vulnerabilities, tracked as CVE-2022-26500 and CVE-2022-26501, have been rated ‘critical’ and they can be exploited by a remote, unauthenticated attacker for arbitrary code execution, which can lead to the hacker taking control of the targeted system.
READ THE STORY: Security Week
A Tool Capable of Tracking Cybercrime Financial Transactions in Bitcoin
FROM THE MEDIA: IMDEA Software researchers Gibran Gómez, Pedro Moreno-Sánchez, and Juan Caballero have created an open-source automated tool to track the financial relationships of malicious entities that abuse Bitcoin technology, tested on 30 malware families. The study "Watch Your Back: Identifying Cybercrime Financial Relationships in Bitcoin through Back-and-Forth Exploration," in which they present their research and the tool, was presented at the prestigious CCS'22 conference (ACM Conference on Computer and Communications Security) last November.
READ THE STORY: Lab Manager
AgentTesla Remains Most Prolific Malware in November, Emotet and Qbot Grow
FROM THE MEDIA: Emotet has returned as one of the most prevalent malware in the wild after a quiet summer. Additionally, the Trojan Qbot made the list for the first time since 2021, and the Raspberry Robin worm has had a notable influx in use. These are some of the key findings from Check Point Research (CPR)’s November 2022's Most Wanted Malware report published yesterday, which also highlighted that AgentTesla remained the most prevalent malware last month.
READ THE STORY: InfoSecMag
NSA shares tips on mitigating 5G network slicing threats
FROM THE MEDIA: The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI), have published a joint report that highlights the most likely risks and potential threats in 5G network slicing implementations. The report also provides mitigation advice and a framework for developing defense and prevention strategies implemented by 5G network operators, integrators, and providers.
READ THE STORY: Bleeping Computer
New GoTrim botnet brute forces WordPress site admin accounts
FROM THE MEDIA: A new Go-based botnet malware named 'GoTrim' is scanning the web for self-hosted WordPress websites and attempting to brute force the administrator's password and take control of the site. This compromise may lead to malware deployment, injection of credit card stealing scripts, hosting of phishing pages, and other attack scenarios, potentially impacting millions depending on the popularity of the breached sites. The botnet is notorious in the cybercrime underground, but Fortinet became the first cybersecurity firm to analyze it, reporting that while the malware is still a work in progress, it already has potent capabilities.
READ THE STORY: Bleeping Computer
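A botnet that brute forces WordPress administrator passwords leaves a plain signature in the web server's own access log: many POST requests to the login endpoint from one client in a short window. The detector below is an added example written for this digest, not Fortinet's code or anything from the story. It parses Apache/nginx "combined" log lines, keeps a sliding one-minute window of POSTs to /wp-login.php and /xmlrpc.php per source IP (the xmlrpc.php path is included as a common alternative credential-testing endpoint, an addition of ours, not something the story claims about GoTrim), and reports IPs that exceed a threshold. The log lines, addresses and threshold are constructed for the example.

```python
"""Detect WordPress login brute forcing in web-server access logs.

Added example for this digest, not code from Fortinet or the story.
Sample log lines use documentation IP ranges and are constructed here.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/nginx "combined" format: ip ident user [ts] "METHOD path HTTP/x" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
# Credential-testing endpoints we care about (assumption for the example).
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")


def parse_line(line: str):
    """Parse one combined-format line; return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "method": m["method"],
        "path": m["path"].split("?", 1)[0],  # drop query string
        "status": int(m["status"]),
    }


def find_bruteforcers(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: peak POSTs seen inside `window`} for IPs at/over threshold.

    Lines are assumed to be in time order per client, as a live log is.
    """
    recent = defaultdict(deque)
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST" or rec["path"] not in LOGIN_PATHS:
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > window:  # slide the window forward
            q.popleft()
        if len(q) >= threshold:
            flagged[rec["ip"]] = max(flagged.get(rec["ip"], 0), len(q))
    return flagged


# Constructed sample: one noisy client, one normal admin, one unrelated GET.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Dec/2022:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 2411 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [15/Dec/2022:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [15/Dec/2022:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 2411 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [15/Dec/2022:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 2411 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [15/Dec/2022:10:00:14 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [15/Dec/2022:10:00:20 +0000] "POST /wp-login.php?redirect_to=%2Fwp-admin%2F HTTP/1.1" 200 2411 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [15/Dec/2022:10:00:25 +0000] "POST /wp-login.php HTTP/1.1" 200 2411 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [15/Dec/2022:10:00:30 +0000] "GET /wp-admin/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [15/Dec/2022:10:00:40 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "curl/7.85"',
]

if __name__ == "__main__":
    print(find_bruteforcers(SAMPLE_LOG))
```

The threshold is intentionally low for the constructed sample; on a real site with many legitimate editors behind a single NAT address you would raise it, or key the window on IP plus username where the log records it, rather than lowering the window.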
Items of interest
Ransomware Attackers Use Microsoft-Signed Drivers to Gain Access to Systems
FROM THE MEDIA: Microsoft on Tuesday disclosed it took steps to implement blocking protections and suspend accounts that were used to publish malicious drivers that were certified by its Windows Hardware Developer Program. The tech giant said its investigation revealed the activity was restricted to a number of developer program accounts and that no further compromise was detected. Cryptographically signing malware is concerning not least because it not only undermines a key security mechanism but also allows threat actors to subvert traditional detection methods and infiltrate target networks to perform highly privileged operations.
READ THE STORY: THN
Assembly Language Programming with ARM – Full Tutorial for Beginners (Video)
FROM THE MEDIA: ARM is becoming an increasingly popular language in the world of computer programming. It is estimated that over 200 billion devices contain an ARM chip, making the ARM language valuable to understand.
Intro to Hardware Reversing: Finding a UART and getting a shell (Video)
FROM THE MEDIA: This video is part of the Figurable project, which is geared toward people who are curious about IoT security and looking for that first bite of the apple.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com